Major p0f improvements: other databases support and new p0f_impersonate() function

[pierre@…]

Adds support for new p0f(a,r,o).fp databases (TCP SYN/ACK, RST & RST/ACK, and stray ACK packets).

Adds a p0f_impersonate() function:

Welcome to Scapy (1.2.0.2)
>>> x = p0f_impersonate(IP(dst='10.0.0.1')/TCP(flags='RA'), 'Linux',
... extrahops=4)
>>> x
<IP  flags=DF frag=0 ttl=60 proto=tcp dst=10.0.0.1 |<TCP  seq=<RandInt>
ack=<RandInt> flags=RA window=<RandShort> options=[('NOP', None), ('NOP',
None), ('Timestamp', (310207126,u3333721462L))] |>>
>>> prnp0f(x)
192.168.0.97:ftp_data - Linux 2.4 (?) (dropped, lame) (up: 861 hrs)
  -> 10.0.0.1:www (RA) (distance 4)
>>> x = p0f_impersonate(IP(dst='10.0.0.1')/TCP(flags='S',sport=RandInt()),
'Solaris', osdetails='9', extrahops=3)
>>> x
<IP  flags=DF frag=0 ttl=61 proto=tcp dst=10.0.0.1 |<TCP  sport=<RandInt>
flags=S window=39202 options=[('MSS', 1153), ('NOP', None), ('NOP', None),
('SAckOK', '')] |>>
>>> prnp0f(x)
192.168.0.97:<RandInt> - Solaris 9
  -> 10.0.0.1:www (S) (distance 3)

[pierre@…]

bugfixes, code cleaner, adds p0f_getlocalsigs()

[pierre@…]

bugfixes, code cleaner, adds p0f_getlocalsigs()

[pierre@…]

patch.2 and patch.3 are the same file, my mistake.

As the file description says, the new pacth fixes a few bugs, cleans a bit the code, and adds a p0f_getlocalsigs() to get signatures for the local system.

It also adds different ways to specify the signature to use in p0f_impersonate().

[pierre@…]

bugfix in p0f_getlocalifs()

[pierre@…]

OK... I still had a bug in p0f_getlocalifs() that was causing an incorrect result when multiple signatures for the the same flags were seen ([a, [b], [c]] instead of [a, b, c]).

The good one is patch.4. For now ;-)

[Pierre LALET <pierre@…>]

New patch, same functionalities, for scapy v2

[Pierre LALET <pierre@…>]

The new patch applies to scapy v2, but does exactly the same thing.

[pbi]

Applied in [fa0c948e7ffa]. At last!